FB pixel

Don’t overlook US state law protecting collection of genetic data – legal insiders

| Jim Nash
Categories Biometrics News  |  Commercial Applications
Don’t overlook US state law protecting collection of genetic data – legal insiders
 

A pair of news stories this month, one only tangentially related to personal privacy, again point out the stakes involved in the commercial use of biometric identifiers.

In the U.S. state of Illinois, home of the landmark Biometric Information Privacy Act, plaintiffs who feel their identifiers are being misused have found a second state biometric law. This one addresses the use of genetic information by non-government organizations.

And indirectly, a breach at consumer genetics testing service 23andMe gives some more ammunition to privacy advocates who say DNA biometrics deserve better protection.

An analysis of Illinois’ Genetic Information Privacy Act in the insurance trade publication Claims Journal warns that GIPA could financially devastate some companies if they are not careful. (The states of Montana and California have passed their own GIPAs.)

The article says that, while enacted in 1998, the act has resulted in few lawsuits. Thirty cases were filed this year in Cook County, which includes Chicago.

The law allows for individuals to sue and for them to seek actual or statutory damage. Successful plaintiffs can collect $2,500 for each negligent violation and $15,000 per intentional or reckless violation.

An organization needs to get express written consent before transferring or disclosing genetic data. GIPA also outlaws insurance companies from using the data for anything other than therapeutic or underwriting purposes.

It also prohibits employers from asking for or requiring genetic tests in any way related to the terms of employment, according to the article.

The 23andMe situation is more nuanced. It actually is a story about a credential-stuffing attack, according to IT trade publication BleepingComputer. But the data stolen includes photos, gender and genetic ancestry, valuable information that cannot be changed once exposed.

In this context, it is important to note that anyone victimized in the credential-stuffing attack only has themselves to blame. They reused passwords.

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News

 

Biometrics providers and systems evolve or get left behind

Biometrics are allowing people to prove who they are, speeding journeys through airports, and enabling anonymous online proof of age,…

 

Findynet funding development of six digital wallet solutions

Finnish public-private cooperative Findynet has announced it will award 60,000 euros (US$69,200) to six digital wallet vendors to help translate…

 

Patchwork of age check, online safety legislation grows across US

As the U.S. waits for the Supreme Court’s opinion on the Texas case of Paxton v. Free Speech Coalition, which…

 

AVPA laud findings from age assurance tech trial

The Age Verification Providers Association (AVPA), and several of its members, have welcomed the publication of preliminary findings from the…

 

Sri Lanka to launch govt API policies and guidelines

Sri Lanka’s government, in the wake of its digital economy drive, is gearing up to release application programming interface (API)…

 

Netherlands’ asylum seeker ID cards from Idemia use vertical ICAO format

The Netherlands will introduce new identity documents for asylum seekers Idemia Smart Identity, compliant with the ICAO specification for vertical…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Continue Reading

Biometric Market Analysis

Most Viewed This Week

Featured Company

Learn More

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events